A Dallas law firm has filed a lawsuit against three major automakers claiming they have failed to take basic measures to secure their vehicles from hackers.
The lawsuit, filed by Dallas-based attorney Marc Stanley on behalf of three vehicle owners and "all others similarly situated," alleges that the automobiles are open to hackers who can take control of basic functions and endanger the safety of the driver and passengers.
"Toyota, Ford and GM have deliberately hidden the dangers associated with car computer systems, misleading consumers," Stanley said in a statement.
The suit claims that vehicles without proper electronics safeguards are "defective" and worth far less than similar non-defective vehicles and seeks unspecified monetary damages and injunctive relief.
Modern cars and light trucks contain more than 50 separate electronic control units (ECUs) -- small computers connected through a controller area network (CAN) or other network such as Local Interconnect Networks or Flexray.
The lawsuit claims hackers could access ECUs on a vehicle's CAN bus and take control of basic functions such as braking, steering and acceleration, "and the driver of the vehicle would not be able to regain control.
"Disturbingly, as defendants have known, their CAN bus-equipped vehicles for years have been (and currently are) susceptible to hacking, and their ECUs cannot detect and stop hacker attacks on the CAN buses. For this reason, defendants' vehicles are not secure, and are therefore not safe," the lawsuit states.
Ford declined comment on the matter. Neither GM or Toyota responded to a request for comment.
Scott Morrison, a distinguished engineer at CA's Layer 7 Technologies, said that nothing dates a car more quickly than its electronics.
"You can get into five-year-old luxury car and it...feels like a Nintendo game...compared to the experience on your smartphone," Morrison said in an earlier interview with Computerworld.
Last year, at the Black Hat security conference in Las Vegas, two industry experts released a 92-page report revealing "the 20 most hackable cars."
Also last year, a 14-year-old during a cybersecurity challenge was able to hack into a car's CAN with an electronic remote auto communications device he assembled overnight with $15 worth of Radio Shack parts.
The lawsuit claims car owners were charged "substantial premiums" for CAN bus-equipped vehicles. And it argues that the automakers engaged in "unfair, deceptive, and/or fraudulent business practices" by failing to disclose security flaws.
"Had plaintiffs and the other class members known of the defects at the time they purchased or leased their vehicles, they would not have purchased or leased those vehicles, or would have paid substantially less for the vehicles than they did," the lawsuit said.
Sign up for CIO Asia eNewsletters.